Truke – The Recent Menacing Member of the Ransomware Family
Guide To Remove Truke Ransomware

Truke is the name of a newly discovered ransomware that belongs to the Djvu ransomware family. It is reported to have infected a large number of systems across the world so far. Infected e-mail attachments & torrent websites are the prime means by which Truke Ransomware propagates its infection. Once the system is infected, Truke employs AES & RSA cryptography to encrypt user & system files. It renames the files by appending the “.truke” extension to the filenames & hence makes them inaccessible to the users.

Threat Summary
Name: Truke
Type: Ransomware
Category: Malware
Operating System Impacted: Windows
Targeted Browser: Google Chrome, Internet Explorer, Mozilla Firefox

Threat Behavior of Truke Ransomware

Truke Ransomware is the recent menacing member of the giant malware family. It is a variant of the devious STOP (DJVU) Ransomware & has been detected to spread its infection at an alarming rate. Truke cryptovirus encrypts & locks the user & system data found on the impacted hard drive & even on network-shared locations. In order to make it arduous for the users to recover their files, Truke uses strong cryptography such as AES & RSA. These highly complex encryption algorithms require a private key to decrypt the files. The original file names are renamed by appending the .truke extension. For example, the file name “image1.jpg” might be renamed as “image1.jpg.truke”.

The files targeted by the Truke Ransomware may include files with the extensions mentioned below:
Document files (.docx, .doc, .odt, .rtf, .text, .pdf, .htm, .ppt)
Audio files (.mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4)
Video files (.3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob)
Images (.jpg, .jpeg, .raw, .tif, .gif, .png)
Backup files (.bck, .bckp, .tmp, .gho)

The primary purpose behind encrypting the files is to extort money by making the victims pay a ransom for the encrypted files. Following the encryption, Truke generates a ransom note in text format named “_readme.txt”. A copy of this ransom note is dropped in every existing folder.

The Ransom Note & Amount for Truke Ransomware

Truke Ransomware delivers a ransom-demanding note on the infected system, in text format & named “_readme.txt”. The note appears in the form of a program window & holds the title “Attention”. The ransom note states that all the files are encrypted with a complex encryption method & a private key. To purchase the decryption key, victims are required to pay a ransom amount of $980. In case the victim contacts the hackers within 72 hours of encryption, they will receive a 50% discount on the ransom amount, which is $490. In addition to that, users are asked to contact the hackers at the e-mail addresses gorentos@bitmessage.ch or ferast@firemail.cc. The ransom note further prompts the users to send one encrypted file to Truke’s developers, which will be restored for free & sent back to the victim as a guarantee that files can actually be decrypted. Despite such claims, victims are advised not to make any payment to the hackers. Research analysis has shown that the hackers usually avoid the victims once the ransom amount has been received.

It is evident that paying the ransom amount yields no positive result; hence all encouragements to pay the ransom & contact the hackers should be ignored. Users must ensure that they regularly back up their data, be vigilant while visiting torrent websites & avoid clicking on spam e-mail attachments.

Distribution Techniques of Truke Ransomware

The hackers behind Truke Ransomware use various techniques to propagate its infection. These may include:
1). Spam e-mail campaigns & infected attachments
2). Unreliable third-party software download sources
3). Unofficial download sources (free file-hosting sites, P2P networks)
4). Fake software cracks/updaters, freeware, shareware
5). Software bundling, which can download Trojans, ransomware & other malware
6). Visiting questionable torrent websites & other malware-laden sites

How to Remove Truke Ransomware infection from the system
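Before removal, a responder needs to scope the infection. The write-up gives two file-system indicators: files renamed with a trailing “.truke” extension and a “_readme.txt” note dropped in every folder. The triage script below is an added example, not code from the original article: it walks a directory tree, collects both indicators, tallies the original extensions of the encrypted files against the extension list given above, and flags folders that hold encrypted files but no note (a sign the run was interrupted or that the sample behaves differently from the description). The sample tree it builds is constructed for the demonstration; ENCRYPTED_SUFFIX and RANSOM_NOTE_NAME are the values from the article, the helper names are the example's own.

```python
"""Triage scanner for the file-system indicators described in the write-up.
Added example (not the article's code): it only reads and reports, never
modifies files, so it is safe to run on a mounted image of the affected disk.
"""
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".truke"        # extension appended by Truke (from the article)
RANSOM_NOTE_NAME = "_readme.txt"   # ransom note file name (from the article)

# Extensions the article lists as targeted (subset large enough for the report).
TARGETED_EXTENSIONS = {
    ".docx", ".doc", ".odt", ".rtf", ".text", ".pdf", ".htm", ".ppt",
    ".mp3", ".wma", ".avi", ".mov", ".mp4", ".mpeg", ".mpg", ".wmv",
    ".jpg", ".jpeg", ".png", ".gif", ".tif", ".raw",
    ".bck", ".bckp", ".tmp", ".gho",
}


def original_name(path):
    """Strip the appended suffix: 'image1.jpg.truke' -> 'image1.jpg'."""
    name = Path(path).name
    if name.endswith(ENCRYPTED_SUFFIX):
        return name[: -len(ENCRYPTED_SUFFIX)]
    return name


def scan_tree(root):
    """Walk `root` read-only and collect indicators into a report dict."""
    encrypted, notes = [], []
    dirs_with_encrypted, dirs_with_note = set(), set()
    for dirpath, _dirnames, filenames in os.walk(root):
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            if fn.endswith(ENCRYPTED_SUFFIX):
                encrypted.append(full)
                dirs_with_encrypted.add(dirpath)
            elif fn == RANSOM_NOTE_NAME:
                notes.append(full)
                dirs_with_note.add(dirpath)
    # Tally the extension each file had before it was renamed.
    by_ext = Counter(Path(original_name(p)).suffix.lower() for p in encrypted)
    return {
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "by_ext": by_ext,
        # Folders with encrypted files but no note: deviates from the described behaviour.
        "note_dirs_missing": sorted(dirs_with_encrypted - dirs_with_note),
        # Extensions hit that the article's list does not mention.
        "untargeted_hits": sorted(e for e in by_ext if e not in TARGETED_EXTENSIONS),
    }


def build_sample_tree():
    """Constructed sample tree mimicking the post-infection state the article describes."""
    root = tempfile.mkdtemp(prefix="truke_triage_")
    layout = {
        "Documents": ["report.docx.truke", "notes.txt.truke", "_readme.txt"],
        "Pictures": ["image1.jpg.truke", "holiday.png.truke", "_readme.txt"],
        "Backups": ["db.bck.truke"],  # note deliberately missing here
        "Clean": ["readme.md"],
    }
    for sub, files in layout.items():
        d = os.path.join(root, sub)
        os.makedirs(d)
        for f in files:
            Path(d, f).write_bytes(b"constructed sample content")
    return root


def summarize(report):
    """Human-readable lines for an incident note."""
    lines = [f"encrypted files: {len(report['encrypted'])}",
             f"ransom notes:    {len(report['notes'])}"]
    for ext, n in sorted(report["by_ext"].items()):
        lines.append(f"  {ext or '(no ext)'}: {n}")
    if report["note_dirs_missing"]:
        lines.append("folders with encrypted files but no note: "
                     + ", ".join(report["note_dirs_missing"]))
    if report["untargeted_hits"]:
        lines.append("extensions not in the article's list: "
                     + ", ".join(report["untargeted_hits"]))
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(scan_tree(build_sample_tree()))))
```

Point scan_tree at the root of a mounted copy of the affected volume rather than the live system; the report tells you how many files to expect from a backup restore, which folders were reached, and whether the sample diverged from the documented behaviour.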